On Tue, 27 Nov 2007 17:05:54 -0500, Steve Grubb wrote: > On Tuesday 27 November 2007 16:27:25 Martin Ebourne wrote: >> In the absence of an ability for selinux to know if pam_ssh is >> configured then at least having the policy in the module would only >> activate it if pam_ssh was installed. > > This is why we have selinux booleans. Its to swing permissions in and > out depending on what's installed. Booleans should be for policy decisions the administrator needs to make. (eg. allow users to run servers that listen on tcp ports) Having a boolean to enable use of a package you've already installed is the wrong use. Cheers, Martin. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
